Merge pull request #3 from richard-cox/fix-http-only

Ensure HttpOnly, Secure and Domain are set for new sessions
nwmac · Aug 24, 2018 · 7d2ab22 · 7d2ab22
2 parents ea2757e + 3e1c1ba
commit 7d2ab22
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/sqlitestore.go b/sqlitestore.go
@@ -125,8 +125,11 @@ func (m *SqliteStore) Get(r *http.Request, name string) (*sessions.Session, erro
 func (m *SqliteStore) New(r *http.Request, name string) (*sessions.Session, error) {
 	session := sessions.NewSession(m, name)
 	session.Options = &sessions.Options{
-		Path:   m.Options.Path,
-		MaxAge: m.Options.MaxAge,
+		Domain:   m.Options.Domain,
+		HttpOnly: m.Options.HttpOnly,
+		MaxAge:   m.Options.MaxAge,
+		Path:     m.Options.Path,
+		Secure:   m.Options.Secure,
 	}
 	session.IsNew = true
 	var err error